NetBIOS Broadcasts normal

Hello, hope you are well.

I have been setting up a new Sophos UTM alongside a TMG 2010 and Cisco ASA device. I have noticed in the logs on the TMG server that the UTM is sending NetBIOS Name Service broadcasts out on the external interface.

Is this normal, or have I misconfigured something?

Thanks in advance

Dave



  • Hi Dave,

    There is an associated JIRA for our Sophos XG firewall, where the NetBIOS traffic is forwarded through WAN, and our developers are verifying the issue. I don't see anything like that related to the UTM yet. I wonder if UTM also has the same behavior, and you are correct if any internal Linux module generates it.

    Thanks

  • Hi Dave,

    Thanks for your extensive explanation. I can surely confirm this behavior. We have some trusted AD domains as well, but these are not used in UTM.

    After I implemented the DNS request routing to the trusted Windows domains, the NetBIOS broadcasts vanished. I implemented this shortly after 8 pm; the result can't be more clear:

    So this should be in the documentation: if you have any AD trusts, make the DNS resolution available to the UTM.

    Best regards,

    Alex

  • Hi Alex, hope you are well.

    Thanks for the update on your scenario. I was thinking it may have just been a bug or a configuration issue of the system I implemented.

    I don't really like the idea of adding network definitions and DNS configuration for the customer's partner company just for a workaround. I am a bit OCD, but I think that if it's not required, it shouldn't be configured on the firewall, as it allows more access and a bigger footprint than need be. This is frowned upon in firewall configurations.

    But rather that than have this kind of traffic and internal system information being visible on the outside.

    Regards,

    Dave